Music Video Creator

Pass

Audited by ClawScan on May 11, 2026.

Overview

This instruction-only skill appears to do what it advertises—send user-selected media to a cloud video-rendering API—but users should notice the external uploads, token use, and automatic session setup.

This skill looks coherent for creating cloud-rendered music videos. Before installing, make sure you are comfortable sending selected audio/images/videos to Nemo Video, using or generating a NEMO_TOKEN, and potentially consuming credits for exports. Avoid uploading private or unreleased media unless you trust the provider.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill may contact Nemo Video’s servers and create a session before any rendering work begins.

Why it was flagged

The skill directs the agent to make external API calls automatically when first used. This is consistent with the cloud-rendering purpose, but it is still an automatic network action the user should be aware of.

Skill content

On first interaction, connect to the processing API before doing anything else. Show a brief status like "Setting things up...".

Recommendation

Install only if you are comfortable with the skill contacting the stated cloud API as part of normal setup.

What this means

The cloud service may guide edits or workflow steps through backend messages rather than every action being manually chosen by the user.

Why it was flagged

The skill tells the agent to interpret backend responses as action instructions inside the video-editing workflow. This appears intended for the provider’s GUI-less workflow, but it means provider-generated messages can influence follow-on API actions.

Skill content

Text events go straight to the user ... Tool calls stay internal. ... Backend says | You do ... "click [button]" / "点击" | Execute via AP

Recommendation

Review outputs before publishing or sharing, and give clear instructions if you want to limit what the service changes.

What this means

The skill can use the Nemo token or generated anonymous token to create sessions, upload media, check credits, and start exports.

Why it was flagged

The skill uses a provider token and credits to authenticate rendering actions. This is expected for the integration, and the artifact also says not to print tokens.

Skill content

Every API call needs `Authorization: Bearer <NEMO_TOKEN>` ... Free token ... `data.token` becomes your NEMO_TOKEN (100 credits, 7-day expiry).

Recommendation

Keep NEMO_TOKEN private, understand any credit or subscription implications, and avoid using an account token you do not want the agent to spend against.

What this means

Your uploaded songs, photos, or videos will be processed by the Nemo Video cloud service.

Why it was flagged

The skill sends user-selected media files to an external cloud provider. This is central to the video-rendering purpose, but the artifacts do not describe provider retention or privacy terms.

Skill content

`/api/upload-video/nemo_agent/me/<sid>` | POST | Upload a file (multipart) or URL. ... Accepted file types: mp4, mov, avi, webm, mkv, jpg, png, gif, webp, mp3, wav, m4a, aac.

Recommendation

Upload only files you are comfortable sending to that provider, especially if they contain private, unreleased, or copyrighted material.

What this means

It may be harder to independently verify who operates or maintains the skill.

Why it was flagged

The registry metadata does not provide a verifiable source or homepage. Since the skill has no local code or install script, this is a provenance note rather than evidence of malicious behavior.

Skill content

Source: unknown
Homepage: none

Recommendation

Verify the provider and service terms before uploading sensitive media or using paid credentials.

What this means

A render may continue or become orphaned if you close the session before it finishes.

Why it was flagged

Render jobs may continue in the cloud after the user interface closes. This is expected for asynchronous rendering, but it is a form of provider-side persistence.

Skill content

Each export job queues on a cloud GPU node ... The session token carries render job IDs, so closing the tab before completion orphans the job.

Recommendation

Wait for completion when possible and monitor credit usage or export status if you start a render job.